Supabase is an open source Firebase alternative. Start your project with a Postgres database, Authentication, instant APIs, Edge Functions, Realtime subscriptions, and Storage.

Supabase

Does anyone have suggestions to prevent malicious database modification from users? I'm designing an application where basically all the runtime will be through Edge Functions, but don't want users to authenticate themselves using their bearer token for direct database access (even with RLS). Would it be best to proxy all user data through system-level database access within the function and give users zero access by themselves?

Hello <@652314275188310020>!
This thread has been automatically created from your message in <#843999948717555735> a ``few seconds ago``.

Pinging <@&951828363943759883> so that they see this as well!

**Want to unsubscribe from this thread?**
Right-click the thread in Discord (or use the ... menu) and select **Leave Thread** to unsubscribe from future updates.

**Want to change the title?**
Use the `/title` command!

**We have solved your problem?**
Click the button below to archive it.

checkout `NOLOGIN` in https://www.postgresql.org/docs/current/sql-createrole.html

note that I'm familiar with some of the opensource components of supabase such as `postgres` and `postgrest` though not that familiar with supabase it self. 

After thinking a few minutes the bearer token is just a token between the user and `postgrest` and won't allow a login to `postgres` db  directly.

Thank you very much, I'll take a look at that

Thread was archived by <@652314275188310020>. Anyone can send a message to unarchive it.